Feeds

Missiles-on-rooftops Brit spy Farr: UK gov can slurp your Facebook, Twitter ... What of it?

It's all 'external comms'... and we don't need a warrant

Choosing a cloud hosting partner with confidence

A top UK spy reckons British intelligence can legally snoop on Brits' Facebook posts and tweets because they’re classed as “external communications” – though he wouldn't confirm outright that his g-men had done so.

Charles Farr, director general of the Office for Security and Counter Terrorism, said that the UK government runs a legal programme of mass surveillance on Facebook, Twitter, Google, YouTube and other site users because everything people said or posted on these sites were external comms based on platforms in the US.

That makes the sites fair game for snooping by the intelligence services under the Regulation of Investigatory Powers Act (RIPA), he said. That law says that internal communications can only be intercepted under a warrant for a specific person or address when there is some suspicion of illegal activities. But external comms can be picked up any time, even when there are no grounds for a warrant.

In practice, Farr said, that means that an email sent by a Google user to a Hotmail user both located in the UK is an internal communication, even though it may have passed through a server in another country. However, searching Google, tweeting, posting things on Facebook and other internet activities that end up stored on any server outside Blighty are classed as "external".

“Within the British Islands, the government has sufficient control and considerable resources to investigate individuals and organisations and it is feasible to adopt an interception regime that requires either a particular person, or a set of premises, to be identified before interception can take place,” Farr said in defence of the policy.

“Outside the British Islands, the government does not have the same ability to identify either relevant individuals or premises… the government is in many cases not aware of the precise location and online identities of members of Al-Qaeda around the world or of cyber criminals, Taleban insurgents, proliferators of weapons of mass destruction or precursor chemicals or of other similar individuals or organisations whose activities pose a threat to national security, the prevention and detection of serious crime or the economic well-being of the United Kingdom.”

The former MI6 man also said that electronic messages over the internet could go by a nearly infinite number of routes, so the only practical thing for the government to do was to slurp as much online info as possible. If the intelligence services happened to hoover up some internal communications accidentally, they could just not look at them without a warrant.

“The only practical way in which the government can ensure that it is able to obtain at least a fraction of the type of communication in which it is interested is to provide for the interception of a large volume of communications and the subsequent selection of a small fraction of those communications for examination by the application of relevant sectors,” he said.

Farr released the policy statement in response to a legal challenge from bodies including Privacy International, Amnesty and the American Civil Liberties Union, following the revelations from US whistleblower Edward Snowden about America’s PRISM surveillance programme and the alleged Brit equivalent Tempora.

The privacy campaigners argue the British government should reveal the full extent of Tempora, since the media has already made public documents about it. But Farr said that the alleged Tempora documents were no different to any other presumed leak, so he was sticking to the government’s policy of neither confirming nor denying them.

“I am not aware of any exceptional circumstances which would justify a departure from the neither confirm nor deny principle in relation to the alleged Tempora interception operation,” he said, adding that all he would say was that if it did exist, it would be legal.

But the campaigners said that by lumping platforms like Facebook, Twitter and YouTube into external comms, the government was denying UK citizens their rights.

“British residents are being deprived of the essential safeguards that would otherwise be applied to their communications - simply because they are using services that are based outside the UK,” Privacy International said in a statement.

It added that the some of the suggestions from Farr about why people shouldn’t be worried were laughable.

Farr said that folks shouldn’t be bothered about whether their communications were slurped up by spooks, only if they were then read or listened to or watched. He also said that even when analysts did happen to violate people’s privacy by accessing their internal communications in error, people shouldn’t worry because they’d probably forget what they saw anyway.

“Such an approach suggests that GCHQ believes it is entitled to indiscriminately intercept all communications in and out of the British Isles,” Privacy International said.

You can see Farr’s full statement hosted on the Privacy International website here (PDF). ®

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Big Content outs piracy hotbeds: São Paulo, Beijing ... TORONTO?
MPAA calls Canadians a bunch of bootlegging movie thieves
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.